Re: [Qmail-scanner-general]Re:Badtrans go thru! -- new fixcrio.c
AV/content filter for Qmail
From: John N. <jn...@cd...> - 2001-12-31 21:31:01
----- Original Message -----
From: "Jason Haar" <Jas...@tr...>
To: <qma...@li...>
Sent: Monday, December 31, 2001 2:07 PM
Subject: Re: [Qmail-scanner-general]Re:Badtrans go thru! -- new fixcrio.c

> On Mon, Dec 31, 2001 at 01:57:46PM -0500, CertaintyTech - Ed Henderson wrote:
> > You're saying the original looked like:
> > Content-Type: text/plain;\rcharset="iso-8859-1"\n
> > I mean - that's just plain broken anyway - that's just not valid anywhere.
>

According to RFC2046, this is true. Is doing nothing really the best course of action, however, because it's potentially throwing off the scanner?

<RANT>

So what should be done?

- Not allow any user to use any Microsoft product that can't adhere to Internet Standards? A noteworthy solution, but impractical. The Internet's popularity is partly due to Microsoft and their easy-to-use "solutions" for accessing the Internet, regardless of their inability to adhere to standards, de facto or otherwise, and despite their love for writing programs with defects that are easily exploitable. Can we honestly go up to people and say "No Windows For You!" and install a *NIX OS that they in turn are too lazy to keep secure as well, which is a whole other playground for the packet- and script-kiddies out there.

- Drop large bombs on 1 Microsoft Way? Oh the joys that would bring - but again, not a practical solution.

- Find a way to get around this and fix the broken header? Personally, the only solution I can think of. We can't rely on Microsoft to fix this (and it may exist in Non-MS products as well), and if they do, who's going to go around and make sure everyone updates? The same person who went around and made sure everyone patched their IIS server to protect against Nimda and Codered? (I'm still seeing hits for these, so whoever this person is is either slow or not doing a thorough job).

</RANT>

So, the question remains, at what level should this be fixed?

The obvious is to fix it at the end-user, by fixing the broken client - for the reasons stated prior, not a practical solution.

Fix it at the SMTP level? Patching qmail would be a good place to do this, but this is a MIME problem really, not SMTP - it's not the SMTP protocol's fault this is occurring, so, like the 'fixcrio' patch - we're putting the bandaid on the wrong wound.

Fix it at reformime? The program that is responsible for ripping apart the e-mail message and getting the attachments out is failing because it didn't take the lack of '\n's into account. Don't blame them - as Haar, DJB, and the RFCs have stated in one form or another, it's just wrong syntax. But this inconsistency has occurred, and, in my opinion, should be addressed.

Fix it in Q-S? As stated w/ SMTP, it's really not Q-S's fault either. However, PERL can more easily fix broken headers like this. This will slow down Q-S a bit, however, but will keep reformime RFC-compliant and should reformime be updated, we would possibly have to rewrite the patch, make sure it's reapplied, etc.

<MORE RANTING>

Do absolutely nothing? Personally, my choice. Q-S does a great job in helping to prevent viruses getting through, and we all love ya Haar, but nobody is perfect and things may slip through the cracks. That's just nature. End-users, should they be customers of an ISP, or employees at a corporation, should be somewhat educated on the risks of attachments, e-mail clients, and really should have a desktop-level anti-virus software installed for more reasons than I can name, but mainly because e-mail is not the only way a virus/worm/trojan can get in. End-users should also be educated to keep their software up-to-date, because a scanner that's out of date might as well not even be there.

</OK ALL DONE>

That's all my $.02. It is now really a request for comments of sorts - do we fix it or is it not really even broken?

As far as "fixing" 'fixcrio' - personally I don't recommend using my patch :). I patched it because it was requested and I was feeling lucky this morning (feeling lucky, not got lucky). But as Haar has said, it would break if ESMTP is used.

- John

John Narron - jn...@cd...                 | "If I die tomorrow
Network Administration                    |  I'll be alright because I believe
CDS/CDSinet, LLC http://www.cdsinet.net   |  That after we're gone
122 N. Lafayette, Marshall, MO 65340      |  The spirit carries on."
fon: (660) 886 4045 fax: (660) 886 4065   |  - Dream Theater
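
The header repair weighed under "Fix it in Q-S?" in the message above, sketched as an added example; it is not code from Qmail-Scanner, reformime or the fixcrio patch. It is written in Python rather than Perl, assumes LF-terminated messages as in the quoted header, and the function names and sample message are constructed for illustration.

```python
import re

BARE_CR = re.compile(rb"\r(?!\n)")        # CR that is not part of CRLF
FIELD_START = re.compile(rb"[!-9;-~]+:")  # "Name:" opening a new field

def split_message(raw):
    """Split an LF-delimited message into (header block, rest)."""
    head, sep, body = raw.partition(b"\n\n")
    return head, sep + body

def bare_cr_offsets(raw):
    """Offsets of bare CRs inside the header block."""
    return [m.start() for m in BARE_CR.finditer(split_message(raw)[0])]

def repair_headers(raw):
    """Turn each bare CR in the header block into a line break.

    Assumption: if the text after the CR opens a new field, or already
    starts with whitespace, a plain LF is enough; otherwise LF + TAB
    keeps it a folded continuation. The body is left untouched.
    """
    head, rest = split_message(raw)

    def fix(m):
        following = head[m.end():]
        if following[:1] in (b" ", b"\t") or FIELD_START.match(following):
            return b"\n"
        return b"\n\t"

    return BARE_CR.sub(fix, head) + rest

def header_fields(raw):
    """Unfold the header block and return {lowercased name: value}."""
    unfolded = re.sub(rb"\n[ \t]+", b" ", split_message(raw)[0])
    fields = {}
    for line in unfolded.split(b"\n"):
        name, _, value = line.partition(b":")
        fields[name.strip().lower()] = value.strip()
    return fields

# Constructed sample built around the header quoted in the message.
SAMPLE = (b"From: a@example.org\n"
          b'Content-Type: text/plain;\rcharset="iso-8859-1"\n'
          b"Subject: test\n\nbody text; a bare \r here is not touched\n")

if __name__ == "__main__":
    print(bare_cr_offsets(SAMPLE))
    print(header_fields(repair_headers(SAMPLE))[b"content-type"])
```

Running `bare_cr_offsets` before the MIME splitter also gives a cheap signal for logging or quarantining messages with malformed headers instead of silently repairing them.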